[Date Prev][Date Next] [Chronological] [Thread] [Top]

authenticate a user to LDAP server using GSS-SPNEGO and Kerberos



Hi
 
I have to authenticate a user to LDAP server using GSS-SPNEGO and Kerberos as base mechanism.
I have successfully generated the TGT.
Now I want to use ldap_sasl_bind_s() function with "GSS-SPNEGO" as mechanism.
I am not sure of the parameters to pass.
I read on http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/apis/ldap_sasl_bind_s.htm that in case of Kerberos,we can use the above mentioned ticket if we have the TGT.Just we need to pass 'cred' and 'dn' as NULL and the functional will automatically take care of the rest of the mechanism under covers.
ldap_sasl_bind_s (g_hLDAP,"", "GSS-SPNEGO" ,NULL,NULL,NULL, &servercredp )
This is how I am calling the function but is throwing LDAP_PARAM_ERROR.
I am not sure of the reason. Can anyone help me on the reason?
Also i wanted to know that do we need to any configurations at the LDAP server end to do enable kerberos authentication.
Also do i need to call krb5_mk_req() before calling ldap_sasl_bind_s() or can i directly call ldap_sasl_bind_s()?
Can anyone help me on the flow of API for achieving complete authentication after achieving the kerberos ticket.
.
Any thoughts?